LONDON - Billions of dollars lost, important drug research and development (R&D) and manufacturing progress stopped that could lead to millions of people dead - this is the reality of cyber security breaches in the pharmaceutical industry, that and the US$75 billion each year lost to intellectual property (IP) theft from often elaborately orchestrated hacking operations, per one estimate.

Cyber defense is a major priority in the pharma sector, the main reason being ever-growing reams of data, with detailed information about patients and the technical specifications of drug mechanisms - patents, chemical informatics, and trial data - so any exposure may trigger catastrophic consequences, in view of the effort and expenditures needed to put a new medicine on the market. This costs between US$2-3 billion and takes 10-15 years to jump through all the regulatory hoops, and all this is wasted time, effort, and money if data is lost to a cybersecurity incident.

German multinational healthcare and life science firm Merck KGaA - distinct from US pharma giant Merck -  for example, was targeted by the NotPetya worm in 2017. NotPetya was a variant of the Petya malware, an encryption variant first discovered in 2016, whose features include encrypting hard drive file systems, rendering them unable to boot the operating system, and thus disabling it.

"The NotPetya malware and attack in 2017 took out Merck's production for two months and cost US$870 million. In a brief to Pfizer's board, we estimated a similar incident would cost us US$1.5 billion," said Jim LaBonty, Pfizer’s director of global technology and engineering. "The financial impact is obvious, but there's a lot more at stake here, too.”

"Pfizer delivers about 74 billion doses of medicine per year, including more than 67 billion solid oral doses, 2 billion sterile injectables and 135 million vaccines,” Labonty noted, adding, “…many provider